Scattered Spider used compromised user accounts, including accounts holding the Exchange Administrator role, to monitor high-profile inboxes and maintain control. Despite the group's efforts to disrupt operations, security defenders thwarted the attack and prevented ransomware deployment.
Key points
- The threat group assigned elevated roles to compromised users, such as Exchange Administrator.
- Attackers monitored high-profile employee inboxes to stay ahead of security defenders.
- Security teams detected the attack and engaged in a control tug-of-war over IT resources.
- Scattered Spider attempted to disrupt business by deleting Azure Firewall policy rule collections.
- The attack was ultimately thwarted, preventing the deployment of ransomware.